Exam GCED topic 1 question 2 discussion

Actual exam question from GIAC's GCED
Question #: 2
Topic #: 1

An incident response team is handling a worm infection among their user workstations. They created an IPS signature to detect and block worm activity on the border IPS, then removed the worm's artifacts or workstations triggering the rule. Despite this action, worm activity continued for days after. Where did the incident response team fail?

  • A. The team did not adequately apply lessons learned from the incident
  • B. The custom rule did not detect all infected workstations
  • C. They did not receive timely notification of the security event
  • D. The team did not understand the worm’s propagation method
Suggested Answer: B
Identifying and scoping an incident during triage is important to successfully handling a security incident. The detection methods used by the team didn't detect all the infected workstations.

Comments

doesntmatter991
1 year, 10 months ago
I think D is more appropriate
upvoted 1 times